Do not download from www.apache.org. Please use a mirror site to help us save apache.org bandwidth. Go here to find your nearest mirror.
APR 1.4.6 has been released, and should be considered "general availability".
APR 1.4.6 addressed hash collisions DoS problem. Users of all previous releases are cautioned to upgrade to the latest version.
APR-util 1.4.1 has been released, and should be considered "general availability".
APR-util 1.3.10 and earlier versions had vulnerabilites affecting some applications. Users of 1.3.10 and previous versions are cautioned to upgrade to the latest version.
APR-iconv 1.2.1 has been released, and should be considered "general availability".
APR 0.9.20 has also been released. This is primarily a bug-fix release for users requiring API or binary compatibility with previous APR 0.9 releases.
Note that APR 0.9.20 corrected a potential security issue, and users of all previous versions are cautioned to upgrade to this release, or version 1.4.2 or later.
Note that patches against potential security issues can be found at http://www.apache.org/dist/apr/patches/.
APR-util 0.9.19 has also been released. This is primarily a a bug-fix release for users requiring API or binary compatibility with previous APR-util 0.9 releases.
Note that APR-util 0.9.19 corrected a number of potential security issues, and users of all previous versions are cautioned to upgrade to this release, or version 1.3.10 or later.
Note that patches against potential security issues can be found at http://www.apache.org/dist/apr/patches/.
APR-iconv 0.9.7 has also been released. This is primarily a a build-fix release for Win32 users requiring API or binary compatibility with previous APR-iconv 0.9 releases.
All of the release distribution packages have been digitally signed (using PGP or GPG) by the ASF committers that constructed them. There will be an accompanying distribution.asc file in the same directory as the distribution. The PGP/GPG keys can be found at the MIT key repository and within this project's KEYS file.
Always signatures to validate package authenticity, e.g., $ pgpk -a KEYS $ pgpv apr-1.0.1.tar.gz.asc or, $ pgp -ka KEYS $ pgp apr-1.0.1.tar.gz.asc or $ gpg --verify apr-1.0.1.tar.gz.asc
We also offer MD5 and SHA1 hashes as an alternative to validate the integrity of the downloaded files. An MD5 hash consists of a 32 character string (example: d41d8cd98f00b204e9800998ecf8427e), and a SHA1 hash consists of a 40 character string (example: da39a3ee5e6b4b0d3255bfef95601890afd80709). See the hash inside each distribution.md5 and distribution.sha1 file for each distribution.